Summary: Reports are out that a new batch of stolen credit
and debit cards hit the cybercrime underground on Tuesday, with multiple
banks confirming that The Home Depot stores may be the source.

Home Depot Inc. (HD)’s
investigation of a suspected hacker attack is renewing pressure on
retailers and credit-card providers to strengthen payment-system
security. Home Depot spokesperson Paula Drake confirmed that the company is investigating. “I can confirm we are looking into some unusual activity and we are
working with our banking partners and law enforcement to investigate,”
Drake said, reading from a prepared statement. “Protecting our
customers’ information is something we take extremely seriously, and we
are aggressively gathering facts at this point while working to protect
customers. If we confirm that a breach has occurred, we will make sure
customers are notified immediately. Right now, for security reasons, it
would be inappropriate for us to speculate further – but we will provide
further information as soon as possible.”

The largest home-improvement chain said yesterday, 02 Sept. 2014, that it was working with banks and law enforcement
on the possible incursion, following a report by KrebsOnSecurity that a
“massive” batch of stolen credit- and debit-card information was posted
for sale online.

There are signs that the perpetrators of this apparent breach may be
the same group of Russian and Ukrainian hackers responsible for the data
breaches at Target, Sally Beauty and P.F. Chang’s, among others. The banks contacted by Brian Krebs, reporter for KrebsOnSecurity.com, all purchased their customers’ cards from the same underground store – rescator[dot]cc — which on Sept. 2 moved two massive new batches of stolen cards onto the market.

A number of banks are telling Krebs that the breach dates as far back as
April and that all 2,200 Home Depot locations in the U.S. could be
involved. By comparison, there are 1,795 Target locations in the U.S. That could make a Home Depot breach even bigger
than that of Target, which began in November and was reported in December.

In
that breach, Target said hackers had stolen credit or debit card
information from about 40 million customers. The company also said
criminals had stolen other pieces of personal information, like email
and mailing addresses, from about 70 million people.

The number of customers affected by The Home Depot breaches amounts to more than one-third of the American population.

A recent Kaspersky Lab research examination of two command and control servers used by the Backoff point-of-sale malware
revealed that a U.S.-based Mexican restaurant chain, a North American
freight shipping company and a North American payroll association had
also been breached.

The breaches prompted the U.S. Secret Service last week to warn of a spree of point-of-sale attacks
affecting more than 1,000 businesses. Backoff has experts concerned
because it’s effective in swiping customer credit card data from
businesses using a variety of exfiltration tools, including memory (RAM)
scraping techniques, keyloggers and injection into running
processes.

A report from US-CERT said attackers use Backoff to steal payment
card information once they’ve breached a remote desktop or
administration application, one that’s using weak or default credentials
that tumble in a brute-force attack.

Hackers then install Backoff on a point of sale device, injecting the
code into a running process in order to scrape credit card numbers from
memory before they’re encrypted on the device.
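This added example (not from the original article or from US-CERT) shows one way to detect the entry step described above: a burst of failed remote logons from one source, followed by a success. The log format, threshold, window and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed remote-logon events: timestamp, outcome, account, source address.
SAMPLE_LOG = """\
2014-08-01T02:10:01 FAIL administrator 203.0.113.7
2014-08-01T02:10:03 FAIL administrator 203.0.113.7
2014-08-01T02:10:04 FAIL admin 203.0.113.7
2014-08-01T02:10:06 FAIL pos 203.0.113.7
2014-08-01T02:10:09 FAIL pos 203.0.113.7
2014-08-01T02:10:12 OK pos 203.0.113.7
2014-08-01T08:59:40 FAIL manager 198.51.100.20
2014-08-01T09:00:02 OK manager 198.51.100.20
"""

def parse(log):
    """Yield (time, outcome, account, source) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("OK", "FAIL"):
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]

def detect_bruteforce(log, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed logons inside the window."""
    failures = defaultdict(deque)   # source -> times of recent failed logons
    alerts = {}                     # source -> alert (at most one per source)
    for when, outcome, account, source in sorted(parse(log)):
        recent = failures[source]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures that aged out of the window
        if outcome == "FAIL":
            recent.append(when)
            if len(recent) >= threshold and source not in alerts:
                alerts[source] = {"source": source, "kind": "bruteforce-attempt",
                                  "failures": len(recent), "account": None}
        elif len(recent) >= threshold:  # success right after a burst of failures
            alerts[source].update(kind="compromise-suspected", account=account)
        else:
            recent.clear()          # ordinary success: reset the counter
    return list(alerts.values())

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A success that lands inside a failure burst is the event worth escalating, since it marks the account whose weak or default password may have been guessed.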

“The criminals are getting smarter faster than the companies,” said Jaime Katz, an analyst at Morningstar Inc. in Chicago. If the Home Depot breach is on the same scale as Target (TGT)’s incident last year, “there is obviously significant concern,” she said.

Most recently, a group is said to have stolen more than 1.2 billion Internet credentials
— including usernames and passwords — with more than 500 million email
addresses. In that case, however, most of the IDs exploited were used
for sending spam on social networks, rather than illegal spending and
selling on the black market.

The Home Depot also posted a note to shoppers on its website, urging them to monitor their accounts and report any suspicious activity.

Home Depot shares
fell 2 percent to $91.15 on 02 Sept. 2014, marking the largest one-day decline
in almost five months, after the company said it was looking into the
possible breach. It also prompted credit-card companies such as
Citigroup Inc. to step up efforts to protect customers.

In a separate statement Tuesday, 02.09.14, Goodwill said its customers' credit and
debit card numbers had been stolen at more than 300 stores in 19 states
and Washington, D.C. from February 2013 through Aug. 14. Goodwill blamed
the security lapse on an unidentified contractor's payment processing
system. Reports about fraud linked to shoppers' cards have been "very
limited," Goodwill said.

Home Depot
on Wednesday confirmed a company laptop was stolen that contains
personal information about approximately 10,000 employees of the
do-it-yourself retailing giant.

Several weeks ago, a Home Depot
human-resources representative in Massachusetts took a laptop computer
home to do some additional work and had the PC stolen from his vehicle
parked in front of his house, according to a company official. The
notebook stored personal information, including names, addresses and
Social Security numbers of roughly 10,000 employees, she says. The data
was not encrypted, but the system was password protected, she adds.

Once
Home Depot investigated the theft and determined which employees' data
was stored on the notebook, the company notified potential victims and
is offering one year of credit monitoring for free, the official says.

"We
have no reason to believe the data was the target of this theft," says
the official, adding that the company has received no evidence of
identity theft as a result of the incident.

Home Depot is continuing to work with law enforcement on an investigation into the theft.

Homeland Security tallies damage from breach at USIS, and it's not pretty.

Employees at the Department of Homeland Security may be feeling a bit less secure about their personal data.

On Aug. 2, Department of Homeland Security officials revealed that
the agency's contractor for conducting security clearance background
checks had been hacked, and an unknown number of DHS employees' personal
data from those investigations had been stolen—potentially by a
state-sponsored hacker. Now the DHS has a handle on how many records
were stolen from contractor USIS: at least 25,000.

The Associated Press cites
information from an unnamed DHS official, who spoke with the service
under the condition of anonymity. "Homeland Security will soon begin
notifying employees whose files were compromised and urge them to
monitor their financial accounts," the Associated Press' Joce Sterman
reported.

USIS is, as the Washington Post reported, the largest contract
provider of background investigations to the federal government. The
attack on USIS comes after the March revelation that the US Office of
Personnel Management had been attacked by hackers based in China,
potentially giving them access to the personal information of millions
of government employees—though OPM officials say that no personal data
appeared to have been taken in the attack before it was detected.

The US Computer Emergency Response Team (US-CERT), which is part of
DHS, is currently investigating the USIS breach, as are the FBI and
other federal authorities. USIS was already under fire from Congress,
and faces a federal whistleblower lawsuit over the alleged "dumping" of
more than 600,000 background checks for security clearances—marking as
complete checks that were only partially conducted. USIS was responsible
for the background checks for Edward Snowden, and for Aaron Alexis—the man responsible for the shootings at the Navy Yard in Washington, DC last year.

The estimate of Homeland Security workers affected by the breach at USIS may rise further. (WJLA)

WASHINGTON (AP) - A Homeland Security Department official says a recent
computer breach at a major government security clearance contracting
firm may have affected the internal files of as many as 25,000 of the
agency's workers.

The official says the estimate of Homeland Security
workers affected by the breach at USIS may rise further. The official
spoke on condition of anonymity in order to discuss details of an
incident that is under active federal criminal investigation. Homeland
Security will soon begin notifying employees whose files were
compromised and urge them to monitor their financial accounts, the
official said.

A USIS spokeswoman declined to comment. The company said earlier in a
statement on its website that the cyberattack appeared to "have the
markings of a state-sponsored attack."

The internal network of USIS was compromised by a
cyber attack that exposed government employees’ data.
Investigators speculate on a state-sponsored attack.

USIS (U.S. Investigations Services), which provides background checks for the US government, was recently hacked. This is the second data breach
in a few months to threaten the US government. USIS recently
acknowledged that its network was violated by a cyber attack, and experts
who are investigating the case believe that the authors of the
attack could be a state-sponsored hacking team.

“We are working closely with federal law
enforcement authorities and have retained an independent computer
forensics investigations firm to determine the precise nature and extent
of any unlawful entry into our network,” USIS announced in a statement.
“Experts who have reviewed the facts gathered to date believe it has all
the markings of a state-sponsored attack.”

In early July, alleged Chinese hackers hacked the system of the Office of Personnel Management (OPM);
for this reason USIS is collaborating with the Bureau and
the Department of Homeland Security (DHS) to track the authors of the
attack and to estimate exactly which data was compromised and the impact of
the data breach.

Government offices and subcontractors
are privileged targets for cyber criminals and state-sponsored hackers.
In recent years, according to official documents of the U.S. Department of
Energy, employees’ and contractors’ personal
information was exposed in several breaches.

DHS spokesman Peter Boogaard told The
Hill that groups of hackers are targeting some agencies that maintain
employees’ information; for this reason DHS is advising
employees to monitor their financial accounts for suspicious activity
and is alerting them to possible spear phishing attacks that could be
arranged in the coming months to steal further data from government
offices.

According to Boogaard, data belonging to some DHS personnel may have been exposed, but at the time I’m writing there is no news on the number of employee records exposed.

“Our forensic analysis has concluded that
some DHS personnel may have been affected, and DHS has notified its
entire workforce,” Peter Boogaard said. “We are committed to ensuring our
employees’ privacy and are taking steps to protect it.”

The journalists at The Washington Post rule out a link between the cyber attack on USIS and the data breach suffered in March 2014 by OPM.

“The intrusion is not believed to be related to a March incident in which the OPM’s databases were
hacked, said officials, some of whom spoke on the condition of
anonymity because they were not authorized to speak on the record,”
states the Washington Post.

It’s clear that such attacks represent a serious threat to the US Government: stolen information could be used by bad actors to organize dangerous attacks on the country's critical infrastructure.

Sen. Tom Carper, chairman of the Homeland Security and Governmental Affairs Committee, declared in a statement that this kind of incident demonstrates the importance of cyber security in homeland security.

“This latest report of a cyber attack on
the major government contractor USIS is deeply troubling and underscores
the scary reality of how much of a target our sensitive information has
become in cyberspace,” he said. “It also shows how urgent it is that we reform
our laws to better combat attacks from malicious actors.”

The USIS breach “is very troubling news,”
added Sen. Jon Tester (D-Mont.), a Homeland
Security Committee member. “Americans’ personal information should always
be secure, particularly when our national security is involved. An
incident like this is simply unacceptable.”

It is necessary to improve the security of highly
sensitive networks and maximize information sharing between private
companies and government entities to promptly identify cyber threats
and adopt the necessary mitigation strategy.

The Chinese hacking group that stole 4.5 million patient records
from a Tennessee hospital chain may have gained some bragging rights
from the heist, but they haven't come close to entering the ranks of the
biggest breaches of all time. In fact, they haven't even cracked the
top 10.

The attack
has gained notoriety for its methods, rather than its size — the
hacking group has been prolific in attacking U.S. medical-device
companies and drug makers. The chart below shows how the Chinese breach compares with others.


The
ranking provides little solace if you're one of the people whose
personal information was stolen and used for identity theft. Yet, with
security-software maker Symantec calling this the era of the "mega-breach"
and some attacks hitting the nine digits, it's worth remembering that
hackers have many, many other ways to obtain personal information.

MORE:

Who will be the NEXT Target? Those of Poverty?

Mikahel Love,IIO

Inside a warehouse of a thriving non-profit business that uses the poor for business

It seems that while businesses such as Home Depot, Target, Albertson's, Michaels, Neiman Marcus, Sally Beauty, P.F. Chang’s China Bistro
and SuperValu, as well as some preferred banks, appear to be the targets,
there resides a mountain of personal data, including Social Security
numbers, bank account info and even driver's license details, held in
insecure and vulnerable so-called non-profits: Food Banks and Food
Pantries.

These
so-called non-profit businesses have been collecting personal details
for some time now. On investigating how secure the details of those of poverty
are, we found that security seemed to be brushed off and/or, at
most, bare security features were being used.

Although
one wouldn't think that a person who must go to a Food Bank and/or Food
Pantry for what to eat would have huge amounts of money and/or assets
on hand to steal, there are a multitude of other reasons why identity
theft takes place: elections; travel; committing a crime to implicate
another ...

It appears there exist hardly any security safeguards in place to protect against identity theft of those who MUST surrender personal details to eat: the abused and/or those of poverty in the U.S.

Not
one food pantry expressed any law in place that commanded them to make
clients surrender their personal details as they would when applying for
a loan, government assistance, etc.

Could it be that Food Pantries and Food Banks are a cloaked arm of government?

DO NOT rely upon governments and/or others to safe-guard your personal details. YOU must be vigilant.

Specifically, one such theory
goes, the hacker (or hackers) was able to nail down the iCloud passwords
of the celeb victims and root around in their Apple storage lockers
after gaining access. The responsible party may have used a tool called iBrute, according to The Daily Dot,
which exploited a (since-fixed) iCloud bug that allowed a forced
digital entry by guessing several common passwords until the correct one
unlocked the front door.

It hasn’t been confirmed that iBrute was used; the tool’s creator sees no evidence that it was, but concedes that it’s possible.
iBrute used 500 of the most common passwords that were leaked from a
service called RockYou, which leaked out 32 million usernames and
passwords way back in 2009; the tool’s creators posted those passwords
in a long list on the developer site GitHub.

Listed below are 500 common
passwords. The passwords that iBrute worked with included one
capital letter and one number, so old standbys like “password” and
“iloveyou” do not appear here.

Even though these passwords are
from 2009, the Great Celebrity Hack of 2014 serves as another reminder
that if you use any of the following 500 passwords on any service, it’s
way past time for a change.

Oh yes, and while you’re at it, you should make sure that you have two-factor authentication enabled on any account that offers it, and make sure you’re using as strong a password as possible. And remember, "Think SMART when developing a PASSWORD!"